<?PHP
session_cache_limiter('private, must-revalidate');
session_start();
include("std_dbs.php");

if(isset($_SESSION['logged_in']))
  {
    header('Location: index.php');
  } else
  {
    $title = "Registration";
    include('header.php');
  }
?>

		<!-- start content -->
		<div id="content">
			<div class="post">
				<h1 class="title"><a href="#">Registration</a></h1>

				<form method='POST'>
                                <table width="90%">
				<tr>
					<td>UserName:<br /> <input type="text" name="username" /></td>
					<td>eMail:<br /> <input type="email" name="email" /></td>
				</tr>
				<tr>
					<td>First Name:<br /> <input type="text" name="firstname" /></td>
                                	<td>Last Name:<br /> <input type="text" name="lastname" /></td>
				</tr>
				<tr>
					<td>Zip Code:<br /><input type="text" name="zipcode" /></td>
					<td>Password:<br /><input type="password" name="password" /></td>
				</tr>
				<tr>
					<td><br /><input type="hidden" name="register" value='1'><input type="submit" value="Register" /></td>
                                </tr>
				</table>
				</form>

				<?PHP
				if(isset($_POST['register']))
				  {
				    $username = addslashes($_POST['username']);
				    $password = addslashes($_POST['password']);
				    $firstname = addslashes($_POST['firstname']);
				    $lastname = addslashes($_POST['lastname']);
				    $zipcode = addslashes($_POST['zipcode']);
				    $email = addslashes($_POST['email']);

				    // we're going to use the first name as the salt                                                                                                                                                      
				    if(empty($username))
				      {
					echo "ERROR: username cannot be blank <br />";
				      } else if(empty($firstname))
				      {
					echo "ERROR: first name cannot be blank <br />";
				      } else if(empty($lastname))
				      {
					echo "ERROR: last name cannot be blank <br />";
				      } else if(empty($zipcode))
				      {
					echo "ERROR: zipcode cannot be blank <br />";
				      } else if(empty($email))
				      {
					echo "ERROR: email cannot be blank <br />";
				      } else
				      {
					// check if username exists
					$usernameLC = strtolower($username);
					$query = "SELECT USERNAME FROM USERS WHERE USERNAME='".$usernameLC."'";
					$stid = oci_parse($connect, $query);
					oci_execute($stid);
					if(oci_fetch_array($stid, OCI_ASSOC))
					  {
					    // taken
					    echo "ERROR: Username is taken <br />";
					  } else
					  {					  
					    // insert the user and get the user id
					    $query = "INSERT INTO USERS (USERID, USERNAME, FNAME, LNAME, ZIPCODE, EMAIL, LOGINIP) 
                                                      values (DEFAULT, '".$usernameLC."', '".$firstname."', '".$lastname."', '".$zipcode."', '".$email."', '".$_SERVER['REMOTE_ADDR']."') RETURNING ROWID INTO :rid";
					    $stid = oci_parse($connect, $query);
					    $rowid = oci_new_descriptor($connect, OCI_D_ROWID);
					    oci_bind_by_name($stid, ":rid", $rowid, -1, OCI_B_ROWID);

					    $query = "SELECT USERID FROM USERS WHERE ROWID = :rid";
					    $id_stid = oci_parse($connect, $query);
					    oci_bind_by_name($id_stid, ":rid", $rowid, -1, OCI_B_ROWID);

					    oci_execute($stid);
					    oci_execute($id_stid);
					  
					    $row = oci_fetch_array($id_stid, OCI_ASSOC);
					    $user_id = $row['USERID'];

					    $salt = $usernameLC;
					    $sha = sha1(sha1($password).$salt);
					    $query = "INSERT INTO AUTHENTICATE (USERID, PASSWORD, ROLE) values ('".$user_id."', '".$sha."', 1)";
					    $stid = oci_parse($connect, $query);
					    oci_execute($stid);
					    oci_commit($connect);

					    // make sure all the commits worked
					    echo "User Successfully Created";
					  }
				      }
				  } else
				  {
				    
				  }
                                ?>

		
				<div class="entry">
					<p>Register an account to login.</p>
				</div>
			</div>
		</div>
		<!-- end content -->
		

                <!-- start sidebars -->
                <div id="sidebar2" class="sidebar">
                   
                </div>
                <!-- end sidebars -->
                <div style="clear: both;">&nbsp;</div>
        </div>
        <!-- end page -->
</div>
<div id="footer">
        <p class="copyright">&copy;&nbsp;&nbsp;2009 All Rights Reserved &nbsp;&bull;&nbsp; Design by <a href="http://www.freecsstemplates.org/">Free CSS 
Templates</a>.$
</div>
</body>
</html>

